This exact reason is why I moved to OpenBSD for stuff that absolutely positively had to be running 24/7.
My problem was that it felt like I had to do security updates every 2 and a half seconds.
I only made the mistake of trusting that config updater thing once... broke all my configs.. luckily I backed those configs up before I did that upgrade... I dare not trust *any* update mechanism.

And no, I don't have time to test _every_ patch release -- I expect you (the Gentoo dev team) to do that for me. I would expect to hear something like: Ok, it's tested BUT it breaks your config files if you are using anything older than .xx.

And I also don't expect a personal email, but I do expect a single low-volume mailing list which explains the above. I don't have time to subscribe to 30 mailing lists _and_ actively participate in them _just_ to keep up with stupid things like this.

The stuff I do is not my full time job, however it does run my mail... so I have higher expectations.

Since OpenBSD doesn't have a gIFT port, I'm still using Gentoo.... and using Gentoo as a test box for other stupid little tweaky things for friends and family.

Perhaps my expectations of the Gentoo (or Linux as a whole) are too high?

At one point I was subscribed to that and did follow the security updates, but it failed to tell me when config files were different (or maybe I didn't notice).
This still doesn't address the having to update 20 packages a month just to be secure issue. Don't get me wrong, I'm not blaming Gentoo for those security problems and I like the fact that Linux updates exceptionally fast, but they just don't catch enough upfront like OpenBSD does.

GWN gives information overload on things that don't apply to me (it would be _really_ cool if they could customize an email for you; for example you check a box that says "I want to see security updates" and check "I want to see something else" so you don't get all the other cruft if you don't want it). Also the GWN is not searchable, as far as I can tell.

What's wrong with posting a warning that requires some kind of keyword so you have to acknowledge it will break your config? For example, checking to see if /tmp/apache2.x exists... otherwise, they should 'touch /tmp/apache2.x' to make certain they understand things will suck soon, be ready.

My main gripe is just the community working for features and not security... 3 people that live within driving distance got their Gentoo box rooted (because of XMLRPC vuln; Drupal software was the reason we had that; not that we needed the XMLRPC) and also because /tmp was mounted with exec privs (at the time the install doc said nothing of /tmp with noexec).

He must be talking about all the new packages that get put into portage every month, most of which aren't required updates, well really, nothing is required. You can choose what you want to update and when.

Using dispatch-conf you are able to merge updates to your configuration files while keeping track of all changes. dispatch-conf stores the differences between the configuration files as patches or by using the RCS revision system.

Like etc-update, you can ask to keep the configuration file as-is, use the new configuration file, edit the current one or merge the changes interactively. However, dispatch-conf also has some nice additional features:

* Automatically merge configuration file updates that only contain updates to comments
* Automatically merge configuration files which only differ in the amount of whitespace

Make certain you edit /etc/dispatch-conf.conf first and create the directory referenced by the archive-dir variable.

But if you have a better idea how to handle something like that, I bet the devs (and me too!) would love to hear about it.

I'm still waiting for an answer.

They are using a very good scripting language ("Python") you'd think they could you know.... Maybe write some code that moves some of the existing configuration settings over such as renaming the configuration file to httpd.conf, moving the location of DocumentRoot directories since they actually do move. Real general stuff like that. Simply compiling a binary and dumping it in /usr/bin doesn't strike me as advanced package management.

Overall I am finding Gentoo to be a very fun and useful tool for learning *MANUAL* linux configuration, but I also have zero faith in gentoo as a server platform (due to the cavalier discipline used by its maintainers), or at the very least a reliable server, or even less as a reliable server after performing an automated update.

Overall I don't mind babysitting gentoo at home when I have all the time in the world (and it is often required but I don't mind), but I'm afraid I can't trust it to function properly in the Real World where I don't have the luxury of spending a lot of time, and even more sad is all this time could be avoided by not upgrading. Does this sound reasonable to you where users feel punished for upgrading a package to the point that they quickly learn to avoid upgrades? You can argue that the maintainers don't have a better way of handling it, don't know of a better way of handling it, or that they actually gave sufficient notice to users about how to use their *ALLEGED* automatic update via portage, but in the end users like myself and the above poster have learned not to trust the Gentoo package maintainers, in a real server environment.

Don't get me wrong. Most of the times (and I mean most of the times) gentoo packages are installed smoothly and with no trouble at all. It's just that once in a while out of the blue moon (every month or 2) BOOM!, some liberal disciplined maintainer decides to drop a bomb on us, and ruins the reputation for the rest of the maintainers. Boom Apache doesn't work, Boom sshd is now broken, Boom gcc is now borked (Ok I'm exaggerating, I haven't seen anything break GCC yet, thank god, and hope I never do).

We love gentoo, we want it to work, we are grateful that the maintainers take the time to actually maintain gentoo, but we are slowly accepting the situation that gentoo is not suitable for a server environment in which 100s of users depend on it for their work. It's just not reliable enough.

They are using a very good scripting language ("Python") you'd think they could you know.... Maybe write some code that moves some of the existing configuration settings over such as renaming the configuration file to httpd.conf, moving the location of DocumentRoot directories since they actually do move. Real general stuff like that. Simply compiling a binary and dumping it in /usr/bin doesn't strike me as advanced package management.

I moved to Gentoo from Debian, because of Debian Unstable's frequent garbage scripts which had blatant errors in them. I had to use Debian Unstable to use the current year's versions. I don't want a distro to mess with my config files - that just keeps the users ignorant.

Quote:

We love gentoo, we want it to work, we are grateful that the maintainers take the time to actually maintain gentoo, but we are slowly accepting the situation that gentoo is not suitable for a server environment in which 100s of users depend on it for their work. It's just not reliable enough.

Gentoo is not Debian. Who said that Gentoo is Debian? Choose the distro appropriate to your task, and if you're choosing Gentoo for a server, then you have to do your own research on upgrades.

The Gentoo Apache Team is pleased to announce the stabilizing of package updates that have been in the works for over a year. Some of the major changes include:

* New configuration and configuration locations to more closely match upstream and reduce confusion for users coming from other distributions.
* Modules now use a centralized eclass that builds, installs, and displays standard information on enabling the module. This allows easier maintenance of existing modules, and allows us to more rapidly develop ebuilds for modules that are not yet in the tree.
* Expanded USE flags to let you choose which MPM is compiled.
* A new gentoo-webroot that will eventually provide a gentoo-themed icon-set, error documents, and default website. This has been put in its own package, and includes a USE-flag to not install the gentoo-webroot into /var/www/localhost - useful if you put your own website there.
* And much more, including the fixing of many many bugs.

--- Cut Here ----

Wow this sounds great. The mentions of the word stabilizing and the fact that the update had been in the works for over a year makes me instantly want to "emerge --update apache" before I even catch the "Because of these changes and improvements, when you upgrade to the new revision of Apache, you will need to take care of some things. These are fully documented in our Upgrading Apache document, but in summary, this is what you will need to do: ". It's great this fine print is way out there somewhere for all those lucky enough to find it to read. It's nice to see the maintainers have washed their hands of this by disclosing it in what some might call an obscure newsletter.

So shame on all those users that decided to trust the maintainers when they "emerge --update world". I mean didn't they know they are supposed to read every single article and news item that relates to the packages that show up in "emerge --pretend --update world"? After a few hours reading all that news it would have been obvious as to how to migrate configuration options (which are manual any way you look at it).

Again don't punish them for upgrading.
And don't punish them for not reading all of the hundreds of lines of text in the news before upgrading.
I'd say about 95% of us were surprised to find apache broken after updating it, but most of us ended up having to fix it on our own (myself included). Trouble is we don't need those lucky few 5% of us out there likewise acting equally surprised to learn that people are not happy with this easily avoidable surprise.

This is the last time I will EVER run gentoo on a machine that I depend on as a server.

if you're doing updates on a server which you depend on, you just have to check what the updates do!

there is nothing you should be complaining about except your own laziness

He is justified in complaining about:
A) The bad practices being exhibited by gentoo maintainers
B) His own naiveness for assuming gentoo maintainers would be reasonable enough to script in migration of configurations into their ebuild like what most reasonable distributions do, or expect the maintainers to pretend that it is a routine software update.
C) His optimistic assumption that this is acceptable behavior from a distro that can be used in a server platform environment. (He has of course admitted that he will no longer make this assumption about gentoo)

tornamodo wrote:

especially if you use a server it's a good idea to use gentoo - because you can compile everything the way you want it to be. you get just the most out of the server!

The 30% increase in performance via compiler optimizations is not enough to justify the risk of any downtime due to ugly surprises some maintainers have left on updates. Perhaps you don't realize how bad downtime is in an enterprise environment, perhaps you're not experienced in managing servers in an enterprise environment, either way just know that it's unacceptable for working software to break on upgrade. Even Microsoft tries to avoid this.

They are using a very good scripting language ("Python") you'd think they could you know.... Maybe write some code that moves some of the existing configuration settings over such as renaming the configuration file to httpd.conf, moving the location of DocumentRoot directories since they actually do move. Real general stuff like that. Simply compiling a binary and dumping it in /usr/bin doesn't strike me as advanced package management.

I moved to Gentoo from Debian, because of Debian Unstable's frequent garbage scripts which had blatant errors in them. I had to use Debian Unstable to use the current year's versions. I don't want a distro to mess with my config files - that just keeps the users ignorant.

Long story short. When I want to learn about Linux configuration I use Gentoo. (Cause I don't want to be an ignorant user).

When I want to use an enterprise level server I don't use gentoo, as these "Learning" surprises offered by gentoo updates are detrimental in a server environment where you need a server up and running as quickly as possible. The idea is get the server up fast then tune it. The fact that Gentoo's update for apache is now configured to run with a different config file and from different directories already shows that gentoo has *MESSED* with the configurations of apache.

Don't get me wrong I run Gentoo at home and use apache on it just fine. I just know better than to try this at work.

Quote:

Gentoo is not Debian. Who said that Gentoo is Debian? Choose the distro appropriate to your task, and if you're choosing Gentoo for a server, then you have to do your own research on upgrades.

i must say....this was a royal pain in the arse. i got everything working...but this is ridiculous.

spare me the excuses of "you should have read this" and "you should have done that" or "get on IRC" or "check the newsletter"

if you want Gentoo to be taken seriously as being plausible for a production environment, this is absolutely unacceptable. that nice little warning it gives you after the build telling you about the changes? how about we put that as a warning BEFORE the new package is built.

Again, sure there are ways that I could have avoided this on my own behalf...but none of them acceptable if the folks at Gentoo wish to be taken seriously for production environments. These are MAJOR CHANGES!

naked lady popping out of a cake to warn me? absolutely. this is a major change. convey this change in every conceivable way to ensure that no one gets caught off guard. go ahead and spit the excuse back at me, "you had your warning, it was in the newsletters!". I have a real job besides maintaining my Gentoo system. If this is all you spend your time on, sure, no problem, you can read about every last change taking place in portage. Aside from that it's completely impractical, and inexcusable for this to happen....at least again, if anyone wishes Gentoo to be taken seriously for a production environment.

ridiculous. had i not already entrusted a multitude of domains to my Gentoo system, i would have taken off the rest of the workday, gone home, and scrapped it. Just gone with FreeBSD or Slack.

All this talk of "Gentoo devs are not doing a good job" is getting me down. You do understand that everyone is a volunteer and has a limited amount of time to work on Gentoo each week. That means that we all have to prioritize what work we do. For instance, I am a Forum Moderator and I'm also in charge of the web redesign (I also answer questions that are directed towards www.gentoo.org along with a few other people). Each week I have to decide what work for each of these 3 roles I am going to do, IF I have any time at all. Devs who work on the portage tree have to decide which ebuilds need the most attention and prioritize that time accordingly. MOST of the time those devs don't have the extra time to script in things like config file migrations. Even if they DID have the time they still wouldn't do it.

Gentoo is not Debian. Gentoo PURPOSELY doesn't do things like config migration because that is up to you, the maintainer of the OS, to do. Gentoo is just a collection of tools that allow you to build your own Operating System. The ebuilds that the devs provide are no more than a reference for you, the creator of the OS, to use at your own discretion. If you don't like the way a particular ebuild works then change it and put it in your overlay.

Here is a good example: The maintainer of the xine-lib ebuild removed mmx and sse support from the ebuild because it breaks on hardened profiles. This was the stupidest thing I have ever witnessed happen in my >three years of using Gentoo. Did I start a thread and bitch like some whiny ass little child? No, I searched and found the bug report about it and read the reasons why. I followed the irc discussions and email debates about it. In the end the maintainer won out and xine-lib will no longer have mmx or sse support until hardened can make it work for them. Am I upset about this? Yes, you better believe I am upset. That maintainer did a shitty ass job and let down everyone who uses xine. You know what? So fucking what. It was his decision to make. Just like it was my decision to print out a copy of his shitty ass ebuild and burn it in effigy. Then I made my own ebuild that included mmx and sse support and put it in my overlay. Problem solved. Eventually he will have the time to fix it or hardened will figure out a way to make it work and the xine-lib ebuild will include mmx and sse. When that Gentoo provided ebuild works to my satisfaction I will remove my custom ebuild and start using the official one again.

Am I telling you all this to put down the way Gentoo works? No, I am telling you all this so that you will understand that THAT'S HOW IT WORKS IN GENTOO!!!!!!!!!!!!!

YOU, the person using it, are responsible for your installation. YOU are responsible for knowing that apache has changed. YOU are responsible for every single package that YOU install on your system. If YOU are not capable of doing this or if YOU don't like it then put Debian on your machine and STFU because I am tired of hearing about it.

The maintainer of the xine-lib ebuild removed mmx and sse support from the ebuild because it breaks on hardened profiles. This was the stupidest thing I have ever witnessed happen in my >three years of using Gentoo. That maintainer did a shitty ass job and let down everyone who uses xine. So fucking what. It was his decision to make.

I'm going to say this once, if you blindly run an update without testing it beforehand, then you are not responsible enough to be an administrator of an enterprise network. Plain and simple.

I don't want to see anymore whining about 'package update X br0k3 my b0x0r'. If a server is THAT important, you MUST test every update before implementing it. You can't expect project maintainers to get 100% of things right 100% of the time.

Here's an idea, if you think you can do better, try maintaining your own distro.

People might note, certain Gentoo/Apache servers didn't go down for hours when the new update was applied. Guess which ones?.. other than gentoo.org servers. I happened to notice the ewarnings when I emerged the updated apache, I also saw the announcements on the GWN, thus I sorted out my httpd.conf *BEFORE* `/etc/init.d/apache restart`.

Come on people, it's not rocket science. God help us all if you did try rocket science.

Suicide wrote:

If uptime is as critical to you guys as you claim I would seriously recommend some type of clustering/load balancing before a raid or other hardware failure really ruins your week.

Curtis I'm sorry but developers do not need to just do dumb shit for the sake of doing dumb shit with no accountability. You can make ten billion excuses about this is the way Gentoo works but the fact still remains that this thing is a product. The entire software market is so completely fucked up because of the insane decisions made by business men and women as well as the software engineers who in their infinite madness decided to create software as we understand it today. Bill Gates did not have to completely screw up his OS the way he did but he did and now he is stuck trying to maintain about a decade's worth of legacy applications while [more likely than not] half assing his way through overall security of the system not to mention relative flexibility. All the while he tries to peddle his crap ware to the entire planet telling people how great it is when it really isn't all that great at all.

The situation is not really any different in the supposedly open source community the developers seem to be so completely disconnected from reality that they have basically decided to polarize the community into two major camps and create an environment where users have to deal with a MINIMUM of two control interfaces for the platform that don't communicate with each other properly! All the while the main propagators of this insanity scream that they are providing a "complete experience" of "integration" and continue to spit in the user's face by peddling pseudo integrated crap while leaving them stuck with a second interface for no good reason at all! But developers have come to believe like their corporate counterparts that if they just keep telling people something is good they can peddle any kind of crap they want and no one should dare to have an opinion about it or express any frustration with the crapware. People need to face the fact that you can't screw someone and then expect them to not have an opinion about it or fix (the code in this case) it themselves.

Open source is supposed to empower everyone not just the developers but that is the exact opposite of what has actually occurred and quite frankly what we got is a group of people who are able to talk out of both sides of their back sides just like the people at Microsoft. If the minds of the people creating the software are sealed shut there is no real point to having the source code being freely available because exactly .0000000000000000000000000000001 of the entire software market user base has the skills to do such a thing. I have a genuine interest in developing software in general but I CANNOT learn twelve different programming languages to hack all these different programs myself because some developer decided to do something really stupid.

Guess what the people who use Gentoo also work hard and have to prioritize what work they do; do you think no one else has to do that, is the end user's time not as valuable as yours or a developer's?

Quote:

MOST of the time those devs don't have the extra time to script in things like config file migrations. Even if they DID have the time they still wouldn't do it.

You say that even if developers had time to script config file migrations they wouldn't so screw the end user right, fuck him he isn't important at all.......OH yea that is real nice, guess what when you end up with smashed config files and have to dick around in them for a few hours you have to take time to do that and in case you and anyone else reading this does not know TIME IS MONEY! If I decide to use [insert distro here] for any business [or even some personal purposes] purpose developers changing a config file and presumably not making information about this readily apparent during the upgrade process thereby leaving the end user to figure out what the problem is directly affects someone's bank account.

The end user is the maintainer of his or her own box operating system maintenance is NOT the responsibility of the end user outside of sane security practices and keeping things up to date on the system.

We produce Gentoo Linux, a special flavor of Linux that can be automatically optimized and customized for just about any application or need. Extreme configurability, performance and a top-notch user and developer community are all hallmarks of the Gentoo experience.
...
Because of its near-unlimited adaptability, we call Gentoo Linux a metadistribution.

Gentoo has never claimed to be a system that Just Works (tm). It's all about flexibility and freedom.

If you read the Gentoo philosophy on the website you see that this kind of crap goes directly against the vision the creator of Gentoo had for the system in the first place. It's a joke for anyone to use this metadistribution bull to excuse the kind of crap that goes on with Linux distros which are almost ALL effectively metadistributions since they do not actually produce most of the programs that they ship for the systems.

If you read the Gentoo philosophy on the website you see that this kind of crap goes directly against the vision the creator of Gentoo had for the system in the first place. It's a joke for anyone to use this metadistribution bull to excuse the kind of crap that goes on with Linux distros which are almost ALL effectively metadistributions since they do not actually produce most of the programs that they ship for the systems.

http://www.gentoo.org/main/en/philosophy.xml wrote:

The Gentoo philosophy, in a paragraph, is this. Every user has work they need to do. The goal of Gentoo is to design tools and systems that allow a user to do their work pleasantly and efficiently as possible, as they see fit. Our tools should be a joy to use, and should help the user to appreciate the richness of the Linux and free software community, and the flexibility of free software. This is only possible when the tool is designed to reflect and transmit the will of the user, and leave the possibilities open as to the final form of the raw materials (the source code.) If the tool forces the user to do things a particular way, then the tool is working against, rather than for, the user. We have all experienced situations where tools seem to be imposing their respective wills on us. This is backwards, and contrary to the Gentoo philosophy.

Everything I said in my previous post is reflected in this. The tool (Portage) is not standing in my way nor is it forcing me to do anything its way. In my example I simply created a new ebuild, put it in my overlay and voila! It is doing exactly what I want it to do. Just as the Philosophy says.

@Shadow Skill:
Do you ever stop and think?.. or do your fingers have an autopilot mode?

Seriously, if you think you can do a better job, be my guest.
Otherwise, stop ranting incoherent garbage.

If you want to write, expand, or bug fix software, learn C/C++, they are the two major languages being used to develop core software.

However, in real-world (tm) software development is a big job, takes a lot of time and effort.

Part of being a project maintainer is taking the hard calls (e.g. bringing the Apache configs in line with upstream maintainers). It HAD to be done, it wasn't feasible for a user of distro x, to come from a standard httpd.conf to apache and have to learn a whole new config system, it shouldn't have been done in the first place, but it was. Now it's fixed, warnings were issued in practically every way feasible short of a massive font on http://www.gentoo.org/index.xml stating Apache configs have been changed, update your apache configs before restarting it!!!!!!.

Now please let this hopeless useless thread die.

Last edited by aidanjt on Tue Jan 31, 2006 1:56 am; edited 2 times in total